Create a Rule to Transform an Incoming Claim


By using the Transform an Incoming Claim rule template in Active Directory Federation Services (AD FS), you can select an incoming claim, change its claim type, and change its claim value. For example, you can use this rule template to create a rule that sends a role claim with the same claim value as an incoming group claim. You can also use this rule to send a group claim with a claim value of Purchasers when there is an incoming group claim with a value of Admins, or you can send only user principal name (UPN) claims that end with @fabrikam.

You can use the following procedure to create a claim rule with the AD FS Management snap-in.

Membership in Administrators, or equivalent, on the local computer is the minimum requirement to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups.

To create a rule to transform an incoming claim on a Relying Party Trust in Windows Server 2016

On the Select Rule Template page, under Claim rule template, select Transform an Incoming Claim from the list, and then click Next.

On the Configure Rule page, under Claim rule name, type the display name for this rule. In Incoming claim type, select a claim type in the list. In Outgoing claim type, select a claim type in the list, and then select one of the following options, depending on the requirements of your organization:

Pass through all claim values

Replace an incoming claim value with a different outgoing claim value

If you are setting up the Dynamic Access Control scenario that uses AD FS-issued claims, first create a transform rule on the claims provider trust, and in Incoming claim type, type the name for the incoming claim, or, if a claim description was previously created, select it from the list. Second, in Outgoing claim type, select the claim URL that you want, and then create a transform rule on the relying party trust to issue the device claim.
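The three transformations named in the introduction (group to role, Admins to Purchasers, UPN suffix filter), written as claim rule language and appended to a relying party trust with PowerShell. This is an added example, not part of the original article: the trust name `Fabrikam App` and the rule names are hypothetical, and the rule text is hand-written rather than copied from what the wizard generates.

```powershell
# Assumption: 'Fabrikam App' is a hypothetical relying party trust name.
$rpName = 'Fabrikam App'

# Hand-written claim rule language; one rule per transformation.
$newRules = @'
@RuleName = "Group to Role (pass through all claim values)"
c:[Type == "http://schemas.xmlsoap.org/claims/Group"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);

@RuleName = "Admins to Purchasers (replace claim value)"
c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value == "Admins"]
 => issue(Type = "http://schemas.xmlsoap.org/claims/Group", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = "Purchasers", ValueType = c.ValueType);

@RuleName = "UPN ending with @fabrikam only"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", Value =~ "(?i)^.+@fabrikam$"]
 => issue(claim = c);
'@

# Read the current rule set first so existing rules are preserved.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found." }

# IssuanceTransformRules is a single string; append instead of overwriting.
$combined = $rp.IssuanceTransformRules + "`n" + $newRules
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $combined

# Print the resulting rule set for review.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```

Appending to the existing `IssuanceTransformRules` string keeps the rules already on the trust; assigning only the new text would replace them. The `$` anchor in the UPN pattern keeps a value that merely contains `@fabrikam` followed by other characters from passing the suffix filter.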


In the console tree, under AD FS\Trust Relationships, click either Claims Provider Trusts or Relying Party Trusts, and then click a specific trust in the list where you want to create this rule.

In the Edit Claim Rules dialog box, select one of the following tabs, depending on the trust that you are editing and the rule set in which you want to create this rule, and then click Add Rule to start the rule wizard that is associated with that rule set:

Acceptance Transform Rules

Issuance Transform Rules

Issuance Authorization Rules

Delegation Authorization Rules

On the Select Rule Template page, under Claim rule template, select Transform an Incoming Claim from the list, and then click Next.

On the Configure Rule page, under Claim rule name, type the display name for this rule. In Incoming claim type, select a claim type in the list. In Outgoing claim type, select a claim type in the list, and then select one of the following options, depending on the requirements of your organization:

Pass through all claim values

Replace an incoming claim value with a different outgoing claim value

If you are setting up the Dynamic Access Control scenario that uses AD FS-issued claims, first create a transform rule on the claims provider trust, and in Incoming claim type, type the name for the incoming claim, or, if a claim description was previously created, select it from the list. Second, in Outgoing claim type, select the claim URL that you want, and then create a transform rule on the relying party trust to issue the device claim.